From: Andreas Schwab <schwab@suse.de>
Date: Wed, 7 May 2025 07:46:19 +0000 (+0200)
Subject: libiberty: Fix off-by-one when collecting range expression
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=43717ee9064e73d0ad0cfb4f8f937ba9f5cbcc51;p=thirdparty%2Fgcc.git

libiberty: Fix off-by-one when collecting range expression

Fixes this error during build of fixincludes:

In function ‘byte_regex_compile’,
    inlined from ‘xregcomp’ at ../libiberty/../../libiberty/regex.c:7973:11:
../libiberty/../../libiberty/regex.c:3477:29: warning: writing 1 byte into a region of size 0 [-Wstringop-overflow=]
 3477 |                     str[c1] = '\0';
      |                             ^
../libiberty/../../libiberty/regex.c: In function ‘xregcomp’:
../libiberty/../../libiberty/regex.c:3454:35: note: at offset 128 into destination object ‘str’ of size 128
 3454 |                     unsigned char str[128];     /* Should be large enough.  */
      |                                   ^

	* regex.c (regex_compile): Don't write beyond array bounds when
	collecting range expression.
---

diff --git a/libiberty/regex.c b/libiberty/regex.c
index bc36f43d450..8337deaef5a 100644
--- a/libiberty/regex.c
+++ b/libiberty/regex.c
@@ -3468,7 +3468,7 @@ PREFIX(regex_compile) (const char *ARG_PREFIX(pattern),
 			PATFETCH (c);
 			if ((c == '.' && *p == ']') || p == pend)
 			  break;
-			if (c1 < sizeof (str))
+			if (c1 < sizeof (str) - 1)
 			  str[c1++] = c;
 			else
 			  /* This is in any case an invalid class name.  */